| Submitted By | Date |
|---|
| Comment |
|---|
| 2009-10-04 18:45:22 |
| The overwhelming majority of hits I've seen are
Doomjuice.A &;; B.
Nachi and Vesser have been very rare.
I've also been sent "Phatbot3" which is probably
a modified version of Argobot.
|
| Karma | 2009-10-04 18:45:22 |
| Although MyDoom may listen on 3127, this activity is probably that of DoomJuice or Nachi.B/C variants "looking" for MyDoom backdoors. |
| K-OTik.COM (TechNet) | 2009-10-04 18:45:22 |
| As you know MyDoom.A machines are exploited by MyDoom.C and Vesser - There is a faster and more dangerous worm exploiting these machines : his name is "kiddies" !!
so here is one of the codes used by kiddies to exploit Mydoom.A machines (many other codes in the wild)
http://www.securityfocus.com/archive/1/353325
http://www.k-otik.com
|
| Brian Porter | 2004-02-10 19:50:07 |
| MyDoom.C / Doomjuice
http://www.lurhq.com/mydoom-c.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A
http://us.mcafee.com/virusInfo/default.asp?id=description&;virus_k=101002
http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html
http://www.f-secure.com/v-descs/doomjuice.shtml
http://www.viruslist.com/eng/alert.html?id=930701 |
| 2004-02-06 22:18:53 |
| The Win32.Mydoom computer-virus opens and listens to the TCP port 3127,
(if this port is already in use, the worm tries the next one free
from the range 3128- 3199). The backdoor appears to have two main
functions: execution of remotely-supplied code, and port forwarding.
Reference: http://www3.ca.com/virusinfo/virus.aspx?ID=38102
|
| sfuechsli | 2004-01-27 18:14:12 |
| WORM_MIMAIL.R (Aliases: W32/Mydoom@MM, Mydoom, Win32.Mydoom.A, W32.Novarg.A@mm) |
